The Payment Card Industry Data Security Standard (PCI-DSS) is gaining momentum. When dealing with credit card numbers and account information, it requires merchants (and providers) to “use strong cryptography and security protocols such as SSL/TLS or IPSEC to safeguard sensitive cardholder data during transmission over open, public networks.”

One aspect of securing the data is encrypting the communication between the browser (client) and the server. Most of our customers use the Apache web server, which by default lets clients use weak encryption protocols and ciphers, mainly for backward compatibility with old browsers.
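To check whether a given ssl.conf still permits weak protocols or ciphers, the following added example (not part of the original page, and not the directives it refers to) audits the `SSLProtocol` and `SSLCipherSuite` lines of a configuration. The weak-protocol and weak-keyword lists, the expansion of `all`, and both sample configurations are assumptions made for this example; the cipher check matches OpenSSL keywords and does not expand aliases such as `ALL`.

```python
import re

# Assumptions: "all" expands to every name below (conservative for legacy
# builds); SSLv2/SSLv3 and early TLS (deprecated by RFC 8996) count as weak.
KNOWN = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# OpenSSL cipher-string keywords selecting weak or unauthenticated suites.
WEAK_WORDS = {"LOW", "EXP", "EXPORT", "NULL", "eNULL", "aNULL", "ADH", "RC4", "DES", "MD5", "SSLv2"}
# Constructed samples, not the directives the page refers to.
WEAK_CONF = "SSLProtocol all -SSLv2\nSSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+EXP\n"
STRICT_CONF = "SSLProtocol -all +TLSv1.2 +TLSv1.3\nSSLCipherSuite HIGH:!aNULL:!MD5:!RC4\n"

def directives(conf, name):
    """Arguments of every uncommented `name` directive (case-insensitive)."""
    rows = (line.split(None, 1) for line in conf.splitlines())
    return [r[1].strip() for r in rows if len(r) == 2 and r[0].lower() == name.lower()]

def enabled_protocols(args):
    """Apply SSLProtocol tokens in order: + adds, - removes, bare name replaces."""
    enabled = set()
    for tok in args.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        names = {p for p in KNOWN if name.lower() in ("all", p.lower())}
        if sign == "-":
            enabled -= names
        else:
            enabled = enabled | names if sign == "+" else names
    return enabled

def weak_cipher_terms(args):
    """Weak keywords a cipher string adds; tokens prefixed ! or - only remove."""
    found = set()
    for tok in re.split(r"[:, ]+", args.strip()):
        if tok and tok[0] not in "!-":
            found |= set(tok.lstrip("+").split("+")) & WEAK_WORDS
    return sorted(found)

def audit(conf):
    """Return one finding per missing or weak SSLProtocol/SSLCipherSuite line."""
    checks = {"SSLProtocol": lambda a: sorted(enabled_protocols(a) & WEAK_PROTOCOLS),
              "SSLCipherSuite": weak_cipher_terms}
    findings = []
    for name, check in checks.items():
        values = directives(conf, name)
        if not values:
            findings.append("%s not set: the server default applies" % name)
        findings += ["%s %s allows %s" % (name, v, ", ".join(check(v)))
                     for v in values if check(v)]
    return findings
```

Pass the text of an ssl.conf to `audit()`; an empty list means neither directive is missing and neither enables anything on the weak lists.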

We recommend that our customers include these Apache configuration directives in their ssl.conf file. In fact, all our VPS images include this by default: